Menu
Menu
Menu
Menu
Menu
Menu
Edition 1.0
Management’s commitment to information security – the company’s management considers the protection of information in terms of completeness, availability and reliability as an utmost importance matter. The organization’s management will allocate the required resources, in order to protect the organization’s information and assets and meet the requirements of the information security management system (ISMS) as required by the ISO 27001 standard.
Company employees must be aware of the risks of information disclosure, take all measures to prevent disclosure, and in the case they face an unusual event, they must report it to the organization’s information security officials.
To set goals
according to the
risks determined.
Commitment to continuous improvement of the information security system.
Commitment to conduct trainings in order to raise employees’ awareness to follow information security issues.
Commitment to maintain medical confidentiality.
Commitment to take a method of non-compliance and corrective action regarding information security.
Review the procedures and policies once a year and verify their suitability and effectiveness.
The main principles of the risk assessment method
The principles of the information security policy will be based on a risk management system, which identifies, controls,
minimizes or prevents the security risks that may affect the information, its databases or its systems.
All organization’s employees undertake a personal responsibility regarding maintaining the security and confidentiality of information, and in particular information belonging to customers / contracts.
Will assist in all administrative aspects of standard management and information security in the company
Responsible for the ongoing management of information security matters in the company.
Logical security
Logical security is the main and closest “layer” in protecting the information found in the computer and communication systems. The Information Security Officer in the organization will outline the required level of logical security for the various components of the computer and communication systems. A permission policy and access control for sensitive information will be implemented in accordance with the role and professional need.
Procurement and suppliers
Information security aspects are implemented in communication and work with external suppliers.
Secured development
Information security aspects were defined and integrated in software development processes, information systems and business intelligence (outsourcing)
Physical security
Physical protections and controls will be implemented (such as login passwords on mobile computers) in order to prevent actions that may result in disclosure, theft, modification or destruction of information. These protective measures will correspond to the classification level of the information and the work environment.
Access control
Rules and principles have been established for providing access to the information systems and controlling network connection.
Integration of encryption mechanisms
The organization has developed principles for the integration of encryption mechanisms in the company’s systems, in order to protect sensitive information from exposure and change.
Human resources security
Information security principles have been established in everything related to the company’s employees, in order to reduce the risks arising from problems with the reliability of employees, a lack of awareness of employees or a deliberate desire of an employee to damage the information stored in the company’s information systems or that belongs to a client.
Remote work
The organization has established information security rules and guidelines for the remote access of the organization’s employees and external parties to the company’s network.
Backups
processes have been defined in the company to ensure the reliability, completeness, availability and integrity of the information, to ensure that the various types of information that exist in the organization are identified, and that backup requirements for each type of information are defined according to the sensitivity of the information.
The company’s management considers all managers and employees to be full partners in the effort to protect the information and expects cooperation in the implementation of the policy and the rules derived from it. The organization will review the policy once a year and update it accordingly.
Tap into over 30 years of experienced advice and take a leap toward new opportunities and business success.
Tap into over 30 years of experienced advice and take a leap toward new opportunities and business success.
